Vulnerability-Lookup

CVE-2024-21410 (GCVE-0-2024-21410)

Vulnerability from cvelistv5 – Published: 2024-02-13 18:02 – Updated: 2025-10-21 23:05

CISA KEVIntel

Title

Microsoft Exchange Server Elevation of Privilege Vulnerability

Summary

Microsoft Exchange Server Elevation of Privilege Vulnerability

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

SSVC

Exploitation: active Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-287 - Improper Authentication

Assigner

microsoft

References

2 references

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory
https://www.cisa.gov/known-exploited-vulnerabilit…	government-resource

Impacted products

3 products

Vendor	Product	Version
Microsoft	Microsoft Exchange Server 2016 Cumulative Update 23	Affected: 15.01.0 , < 15.01.2507.037 (custom)
Microsoft	Microsoft Exchange Server 2019 Cumulative Update 13	Affected: 15.02.0 , < 15.2.1544.004 (custom)
Microsoft	Microsoft Exchange Server 2019 Cumulative Update 14	Affected: 15.02.0 , < 15.2.1544.004 (custom)

Date Public

2024-02-13 08:00

CISA

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 6d63aa09-d030-4d3c-ab77-67aa6cf4d4cc

Vulnerability ID: CVE-2024-21410

Status: Confirmed

Status Updated: 2024-02-15 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2024-02-15

Asserted: 2024-02-15

Scope

Notes: KEV entry: Microsoft Exchange Server Privilege Escalation Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-03-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410; https://nvd.nist.gov/vuln/detail/CVE-2024-21410

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-287
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Exchange Server
Due Date	2024-03-07
Date Added	2024-02-15
Vendorproject	Microsoft
Vulnerabilityname	Microsoft Exchange Server Privilege Escalation Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2024-21410

Created: 2026-02-02 13:24 UTC | Updated: 2026-02-06 07:53 UTC

KEVIntel

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 143f7cf8-a4ab-4e82-a8d1-27e8d711757a

Vulnerability ID: CVE-2024-21410

Status: Confirmed

Status Updated: 2024-02-15 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2024-02-15

Asserted: 2024-02-15

Scope

Notes: KEVIntel entry: Microsoft Exchange Server Elevation of Privilege Vulnerability | Affected: Microsoft / Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 13, Microsoft Exchange Server 2019 Cumulative Update 14 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel

Details

Feed	KEVIntel (kevintel.com)
Title	Microsoft Exchange Server Elevation of Privilege Vulnerability
Vendor	Microsoft
Product	Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 13, Microsoft Exchange Server 2019 Cumulative Update 14
Added Date	2024-02-15T00:00:00.000Z
Cvss Score	9.8
Epss Score	None
Cvss Severity	CRITICAL
Epss Percentile	None
Used In Malware	unknown
Ahead Of Cisa Kev	None
Not Yet In Cisa Kev	False

References

Created: 2026-06-23 11:14 UTC | Updated: 2026-06-23 11:14 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21410",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-15T05:15:55.675675Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-02-15",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21410"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:24.615Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21410"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-02-15T00:00:00.000Z",
            "value": "CVE-2024-21410 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:20:40.564Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 23",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.01.2507.037",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 13",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.2.1544.004",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 14",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.2.1544.004",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
                  "versionEndExcluding": "15.01.2507.037",
                  "versionStartIncluding": "15.01.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*",
                  "versionEndExcluding": "15.2.1544.004",
                  "versionStartIncluding": "15.02.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_14:*:*:*:*:*:*",
                  "versionEndExcluding": "15.2.1544.004",
                  "versionStartIncluding": "15.02.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-02-13T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T01:37:17.860Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410"
        }
      ],
      "title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-21410",
    "datePublished": "2024-02-13T18:02:48.590Z",
    "dateReserved": "2023-12-08T22:45:21.299Z",
    "dateUpdated": "2025-10-21T23:05:24.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-21410",
      "cwes": "[\"CWE-287\"]",
      "dateAdded": "2024-02-15",
      "dueDate": "2024-03-07",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410; https://nvd.nist.gov/vuln/detail/CVE-2024-21410",
      "product": "Exchange Server",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Exchange Server Privilege Escalation Vulnerability"
    },
    "epss": {
      "cve": "CVE-2024-21410",
      "date": "2026-06-27",
      "epss": "0.12661",
      "percentile": "0.95756"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-21410\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2024-02-13T18:15:59.680\",\"lastModified\":\"2026-06-17T07:09:14.233\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Exchange Server Elevation of Privilege Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de elevaci\u00f3n de privilegios de Microsoft Exchange Server\"}],\"affected\":[{\"source\":\"secure@microsoft.com\",\"affectedData\":[{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Exchange Server 2016 Cumulative Update 23\",\"platforms\":[\"x64-based Systems\"],\"versions\":[{\"version\":\"15.01.0\",\"lessThan\":\"15.01.2507.037\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Exchange Server 2019 Cumulative Update 13\",\"platforms\":[\"x64-based Systems\"],\"versions\":[{\"version\":\"15.02.0\",\"lessThan\":\"15.2.1544.004\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Microsoft\",\"product\":\"Microsoft Exchange Server 2019 Cumulative Update 14\",\"platforms\":[\"x64-based Systems\"],\"versions\":[{\"version\":\"15.02.0\",\"lessThan\":\"15.2.1544.004\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-02-15T05:15:55.675675Z\",\"id\":\"CVE-2024-21410\",\"options\":[{\"exploitation\":\"active\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"cisaExploitAdd\":\"2024-02-15\",\"cisaActionDue\":\"2024-03-07\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Microsoft Exchange Server Privilege Escalation Vulnerability\",\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF76AEDA-E574-40ED-B64F-8FDEF8CAC802\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_13:*:*:*:*:*:*\",\"matchCriteriaId\":\"583745C7-B802-4CBE-BD88-B5B9AF9B5371\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_14:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C98993B-82A5-48CC-947F-896CEA0CDB7F\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21410\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410\", \"name\": \"Microsoft Exchange Server Elevation of Privilege Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:20:40.564Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21410\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-15T05:15:55.675675Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-02-15\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21410\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-02-15T00:00:00.000Z\", \"value\": \"CVE-2024-21410 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21410\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-01T18:11:19.604Z\"}}], \"cna\": {\"title\": \"Microsoft Exchange Server Elevation of Privilege Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2016 Cumulative Update 23\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.01.0\", \"lessThan\": \"15.01.2507.037\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2019 Cumulative Update 13\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.02.0\", \"lessThan\": \"15.2.1544.004\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2019 Cumulative Update 14\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.02.0\", \"lessThan\": \"15.2.1544.004\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2024-02-13T08:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410\", \"name\": \"Microsoft Exchange Server Elevation of Privilege Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Microsoft Exchange Server Elevation of Privilege Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287: Improper Authentication\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"15.01.2507.037\", \"versionStartIncluding\": \"15.01.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"15.2.1544.004\", \"versionStartIncluding\": \"15.02.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_14:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"15.2.1544.004\", \"versionStartIncluding\": \"15.02.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-05-03T01:37:17.860Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-21410\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:24.615Z\", \"dateReserved\": \"2023-12-08T22:45:21.299Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2024-02-13T18:02:48.590Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

BDU:2024-01319

Vulnerability from fstec - Published: 13.02.2024

Title

Уязвимость почтового сервера Microsoft Exchange Server, связанная с утечкой учетных данных NTLM, позволяющая нарушителю повысить свои привилегии

Description

Уязвимость почтового сервера Microsoft Exchange Server связана с утечкой учетных данных NTLM в результате неправомерного доступа к ресурсу. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Microsoft Corp

Software Name

Microsoft Exchange Server

Software Version

2019 Cumulative Update 14 (Microsoft Exchange Server), 2016 Cumulative Update 23 (Microsoft Exchange Server), 2019 Cumulative Update 13 (Microsoft Exchange Server)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - настройка расширенной защиты для аутентификации (EPA) для серверов Exchange, информация по настройке доступна по ссылке: https://microsoft.github.io/CSS-Exchange/Security/ExchangeExtendedProtectionManagement Использование рекомендаций производителя: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410 https://thehackernews.com/2024/02/critical-exchange-server-flaw-cve-2024.html https://www.cybersecurity-help.cz/vdb/SB2024021336 https://www.bleepingcomputer.com/news/security/microsoft-new-critical-exchange-bug-exploited-as-zero-day/

CWE

CWE-668

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO1086",
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO1086 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u0430\u043a\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f Exchange Server 2019 (KB5035606)",
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "2019 Cumulative Update 14 (Microsoft Exchange Server), 2016 Cumulative Update 23 (Microsoft Exchange Server), 2019 Cumulative Update 13 (Microsoft Exchange Server)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u0434\u043b\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (EPA) \u0434\u043b\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Exchange, \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043f\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435:\nhttps://microsoft.github.io/CSS-Exchange/Security/ExchangeExtendedProtectionManagement\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.02.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-01319",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-21410",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Exchange Server",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Microsoft Exchange Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0443\u0442\u0435\u0447\u043a\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 NTLM, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0434\u043b\u044f \u043e\u0448\u0438\u0431\u043e\u0447\u043d\u043e\u0439 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 (CWE-668)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Microsoft Exchange Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0443\u0442\u0435\u0447\u043a\u043e\u0439 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 NTLM \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043d\u0435\u043f\u0440\u0430\u0432\u043e\u043c\u0435\u0440\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0440\u0435\u0441\u0443\u0440\u0441\u0443. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410\nhttps://thehackernews.com/2024/02/critical-exchange-server-flaw-cve-2024.html\nhttps://www.cybersecurity-help.cz/vdb/SB2024021336\nhttps://www.bleepingcomputer.com/news/security/microsoft-new-critical-exchange-bug-exploited-as-zero-day/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-668",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CERTFR-2024-AVI-0131

Vulnerability from certfr_avis - Published: 2024-02-14 - Updated: 2024-02-14

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un déni de service, une élévation de privilèges, une usurpation d'identité et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Dynamics 365 Customer Engagement V9.1
Microsoft	N/A	Microsoft Dynamics 365 Business Central 2022 Release Wave 2
Microsoft	N/A	Microsoft Teams pour Android
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft	N/A	Skype pour Business Server 2019 CU7
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft	N/A	Microsoft Visio 2016
Microsoft	N/A	Microsoft Entra Jira Single-Sign-On Plugin
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 13 et 14
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.4, 17.6 et 17.8
Microsoft	N/A	Microsoft Dynamics 365 Business Central 2023 Release Wave 1 et 2
Microsoft	N/A	Skype pour Business 2016

References

Title

Publication Time

FKIE_CVE-2024-21410

Vulnerability from fkie_nvd - Published: 2024-02-13 18:15 - Updated: 2026-06-17 07:09

CISA KEVIntel

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Microsoft Exchange Server Elevation of Privilege Vulnerability

References

URL	Tags
secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410	Patch, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21410	US Government Resource

Impacted products

Vendor	Product	Version
microsoft	exchange_server	2016
microsoft	exchange_server	2019
microsoft	exchange_server	2019

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 23",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.01.2507.037",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 13",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.2.1544.004",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 14",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.2.1544.004",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "source": "secure@microsoft.com"
    }
  ],
  "cisaActionDue": "2024-03-07",
  "cisaExploitAdd": "2024-02-15",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Microsoft Exchange Server Privilege Escalation Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*",
              "matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_13:*:*:*:*:*:*",
              "matchCriteriaId": "583745C7-B802-4CBE-BD88-B5B9AF9B5371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_14:*:*:*:*:*:*",
              "matchCriteriaId": "8C98993B-82A5-48CC-947F-896CEA0CDB7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de elevaci\u00f3n de privilegios de Microsoft Exchange Server"
    }
  ],
  "id": "CVE-2024-21410",
  "lastModified": "2026-06-17T07:09:14.233",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2024-21410",
          "options": [
            {
              "exploitation": "active"
            },
            {
              "automatable": "yes"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2024-02-15T05:15:55.675675Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2024-02-13T18:15:59.680",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21410"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MV5V-R4X4-QMXW

Vulnerability from github – Published: 2024-02-13 18:38 – Updated: 2025-10-22 00:32

Details

Microsoft Exchange Server Elevation of Privilege Vulnerability

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-21410"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-13T18:15:59Z",
    "severity": "CRITICAL"
  },
  "details": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
  "id": "GHSA-mv5v-r4x4-qmxw",
  "modified": "2025-10-22T00:32:59Z",
  "published": "2024-02-13T18:38:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21410"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21410"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2024-21410

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Microsoft Exchange Server Elevation of Privilege Vulnerability

Aliases

CVE-2024-21410

Aliases

CVE-2024-21410

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2024-21410",
    "id": "GSD-2024-21410"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-21410"
      ],
      "details": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
      "id": "GSD-2024-21410",
      "modified": "2023-12-13T01:21:42.637499Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2024-21410",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "N/A"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 13",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "15.2.1544.004"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 14",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "15.2.1544.004"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-287",
                "lang": "eng",
                "value": "CWE-287: Improper Authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410",
            "refsource": "MISC",
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2024-03-07",
        "cisaExploitAdd": "2024-02-15",
        "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
        "cisaVulnerabilityName": "Microsoft Exchange Server Privilege Escalation Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*",
                    "matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_13:*:*:*:*:*:*",
                    "matchCriteriaId": "583745C7-B802-4CBE-BD88-B5B9AF9B5371",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_14:*:*:*:*:*:*",
                    "matchCriteriaId": "8C98993B-82A5-48CC-947F-896CEA0CDB7F",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
          },
          {
            "lang": "es",
            "value": "Vulnerabilidad de elevaci\u00f3n de privilegios de Microsoft Exchange Server"
          }
        ],
        "id": "CVE-2024-21410",
        "lastModified": "2024-04-11T20:15:30.337",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.9,
              "source": "secure@microsoft.com",
              "type": "Primary"
            }
          ]
        },
        "published": "2024-02-13T18:15:59.680",
        "references": [
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410"
          }
        ],
        "sourceIdentifier": "secure@microsoft.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-287"
              }
            ],
            "source": "secure@microsoft.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

MSRC_CVE-2024-21410

Vulnerability from csaf_microsoft - Published: 2024-02-13 08:00 - Updated: 2024-03-01 08:00

Summary

Microsoft Exchange Server Elevation of Privilege Vulnerability

Severity

Critical

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2024-21410

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-287 - Improper Authentication

Affected products

Fixed 3 products

Product	Identifier	Version	Remediation
Microsoft Exchange Server 2016 Cumulative Update 23 15.01.2507.037 Microsoft Exchange Server 2016 Cumulative Update 23		15.01.2507.037
Microsoft Exchange Server 2019 Cumulative Update 13 15.2.1544.004 Microsoft Exchange Server 2019 Cumulative Update 13		15.2.1544.004
Microsoft Exchange Server 2019 Cumulative Update 14 15.2.1544.004 Microsoft Exchange Server 2019 Cumulative Update 14		15.2.1544.004

Known affected 3 products

Product	Version	Remediation
Microsoft Exchange Server 2019 Cumulative Update 14 <15.2.1544.004 Microsoft Exchange Server 2019 Cumulative Update 14	<15.2.1544.004	Vendor Fix fix
Microsoft Exchange Server 2019 Cumulative Update 13 <15.2.1544.004 Microsoft Exchange Server 2019 Cumulative Update 13	<15.2.1544.004	Vendor Fix fix
Microsoft Exchange Server 2016 Cumulative Update 23 <15.01.2507.037 Microsoft Exchange Server 2016 Cumulative Update 23	<15.01.2507.037	Vendor Fix fix

Threats

Impact Elevation of Privilege

Exploit Status Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2024/m…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2024/m…	self

Acknowledgments

Internally found by Microsoft

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Internally found by Microsoft"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410"
      },
      {
        "category": "self",
        "summary": "CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2024/msrc_cve-2024-21410.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
    "tracking": {
      "current_release_date": "2024-03-01T08:00:00.000Z",
      "generator": {
        "date": "2025-05-03T01:36:59.785Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2024-21410",
      "initial_release_date": "2024-02-13T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-02-13T08:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2024-02-14T08:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Updated the Exploited flag and Exploitability Assessment to indicate that Microsoft was aware of exploitation of this vulnerability. This is an informational change only."
        },
        {
          "date": "2024-02-15T08:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added FAQ information. This is an informational change only."
        },
        {
          "date": "2024-03-01T08:00:00.000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Updated FAQ information. This is an informational change only."
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c15.01.2507.037",
            "product": {
              "name": "Microsoft Exchange Server 2016 Cumulative Update 23 \u003c15.01.2507.037",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "15.01.2507.037",
            "product": {
              "name": "Microsoft Exchange Server 2016 Cumulative Update 23 15.01.2507.037",
              "product_id": "12039"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Exchange Server 2016 Cumulative Update 23"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c15.2.1544.004",
            "product": {
              "name": "Microsoft Exchange Server 2019 Cumulative Update 13 \u003c15.2.1544.004",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "15.2.1544.004",
            "product": {
              "name": "Microsoft Exchange Server 2019 Cumulative Update 13 15.2.1544.004",
              "product_id": "12191"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Exchange Server 2019 Cumulative Update 13"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c15.2.1544.004",
            "product": {
              "name": "Microsoft Exchange Server 2019 Cumulative Update 14 \u003c15.2.1544.004",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "15.2.1544.004",
            "product": {
              "name": "Microsoft Exchange Server 2019 Cumulative Update 14 15.2.1544.004",
              "product_id": "12293"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Exchange Server 2019 Cumulative Update 14"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-21410",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "Download Mitigating Pass the Hash (PtH) Attacks and Other Credential Theft, Version 1 and 2.  This document discusses Pass-the-Hash (PtH) attacks against the Windows operating systems and provides holistic planning strategies that, when combined with the Windows security features, will provide a more effective defense against pass-the-hash attacks.",
          "title": "Where can I find more information about NTLM relay attacks?"
        },
        {
          "category": "faq",
          "text": "An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim\u0027s behalf. For more information about Exchange Server\u0027s support for Extended Protection for Authentication(EPA), please see Configure Windows Extended Protection in Exchange Server.",
          "title": "How could an attacker exploit this vulnerability?"
        },
        {
          "category": "faq",
          "text": "An attacker who successfully exploited this vulnerability could relay a user\u0027s leaked Net-NTLMv2 hash against a vulnerable Exchange Server and authenticate as the user.",
          "title": "According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "This CVE for Exchange Server 2019 Cumulative Update 14 enforces previous mitigations by default. We provided an optional mitigation for NTLM relay attacks in general in August 2022. These were documented in an Outlook CVE (CVE-2023-23397). Microsoft was aware of targeted NTLM relay attacks back in 2023; however, we are not aware of any current exploitation of NTLM relay attacks against Exchange Server.\nMicrosoft strongly recommends installing CU14 on Exchange Server 2019 or enabling Extended Protection within your organization as per Configure Windows Extended Protection in Exchange Server.\nPrior to the Exchange Server 2019 Cumulative Update 14 (CU14) update, Exchange Server did not enable NTLM credentials Relay Protections (called Extended Protection for Authentication or EPA) by default. Without the protection enabled, an attacker can target Exchange Server to relay leaked NTLM credentials from other targets (for example Outlook). Exchange Server 2019 CU14 enables EPA by default on Exchange servers. For more information regarding this update, please refer to the latest Exchange Blog Post.\nMicrosoft introduced Extended Protection support as an optional feature for Exchange Server 2016 CU23 with the August 2022 security update (build 15.01.2507.012). We strongly recommend to download the latest security update for Exchange Server 2016 CU23 prior turning Extended Protection by the help of the ExchangeExtendedProtectionManagement.ps1 on.\nYes. If, for example, you are running Exchange Server 2019 CU13 or earlier and you have previously run the script then you are protected from this vulnerability, however, Microsoft strongly suggests installing the latest cumulative update.\nRun the latest version of the Exchange Server Health Checker script. The script will provide you with an overview of the Extended Protection status of your server.",
          "title": "Why is this CVE listed as being exploited?"
        }
      ],
      "product_status": {
        "fixed": [
          "12039",
          "12191",
          "12293"
        ],
        "known_affected": [
          "1",
          "2",
          "3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410"
        },
        {
          "category": "self",
          "summary": "CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2024/msrc_cve-2024-21410.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-13T08:00:00.000Z",
          "details": "15.01.2507.037:Security Update:https://support.microsoft.com/help/5036386",
          "product_ids": [
            "3"
          ],
          "url": "https://support.microsoft.com/help/5036386"
        },
        {
          "category": "vendor_fix",
          "date": "2024-02-13T08:00:00.000Z",
          "details": "15.2.1544.004:Security Update:https://support.microsoft.com/help/5035606",
          "product_ids": [
            "2",
            "1"
          ],
          "url": "https://support.microsoft.com/help/5035606"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 9.1,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Elevation of Privilege"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected"
        }
      ],
      "title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
    }
  ]
}

WID-SEC-W-2024-0359

Vulnerability from csaf_certbund - Published: 2024-02-13 23:00 - Updated: 2024-02-14 23:00

Summary

Microsoft Exchange Server: Schwachstelle ermöglicht Privilegieneskalation

Severity

Kritisch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Microsoft Exchange Server ist das Serverprodukt für das Client-Server Groupware- und Nachrichtensystem der Firma Microsoft.

Angriff: Ein entfernter anonymer Angreifer kann eine Schwachstelle in Microsoft Exchange Server ausnutzen, um seine Berechtigungen zu erhöhen.

Betroffene Betriebssysteme: - Windows

CVE-2024-21410

Es besteht eine Schwachstelle in Microsoft Exchange Server 2016 und Microsoft Exchange Server 2019. Diese Schwachstelle ist noch nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern.

Affected products

Known affected 3 products

Product	Identifier	Version
Microsoft Exchange Server 2019 Cumulative Update 13 Microsoft / Exchange Server 2019	`cpe:/a:microsoft:exchange_server_2019:cumulative_update_13`	Cumulative Update 13
Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft / Exchange Server 2016	`cpe:/a:microsoft:exchange_server_2016:cumulative_update_23`	Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 14 Microsoft / Exchange Server 2019	`cpe:/a:microsoft:exchange_server_2019:cumulative_update_14`	Cumulative Update 14

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://msrc.microsoft.com/update-guide	external
https://msrc.microsoft.com/update-guide/en-US/adv…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Microsoft Exchange Server ist das Serverprodukt f\u00fcr das Client-Server Groupware- und Nachrichtensystem der Firma Microsoft.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer Angreifer kann eine Schwachstelle in Microsoft Exchange Server ausnutzen, um seine Berechtigungen zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0359 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0359.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0359 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0359"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2024-02-13",
        "url": "https://msrc.microsoft.com/update-guide"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates CVE-2024-21410 vom 2024-02-14",
        "url": "https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-21410"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Exchange Server: Schwachstelle erm\u00f6glicht Privilegieneskalation",
    "tracking": {
      "current_release_date": "2024-02-14T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:05:08.929+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0359",
      "initial_release_date": "2024-02-13T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-13T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-02-14T23:00:00.000+00:00",
          "number": "2",
          "summary": "Exploit-Hinweis aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Cumulative Update 23",
                "product": {
                  "name": "Microsoft Exchange Server 2016 Cumulative Update 23",
                  "product_id": "T023152",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:exchange_server_2016:cumulative_update_23"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Exchange Server 2016"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Cumulative Update 13",
                "product": {
                  "name": "Microsoft Exchange Server 2019 Cumulative Update 13",
                  "product_id": "T028109",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:exchange_server_2019:cumulative_update_13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Cumulative Update 14",
                "product": {
                  "name": "Microsoft Exchange Server 2019 Cumulative Update 14",
                  "product_id": "T032780",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:exchange_server_2019:cumulative_update_14"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Exchange Server 2019"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-21410",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Microsoft Exchange Server 2016 und Microsoft Exchange Server 2019. Diese Schwachstelle ist noch nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028109",
          "T023152",
          "T032780"
        ]
      },
      "release_date": "2024-02-13T23:00:00.000+00:00",
      "title": "CVE-2024-21410"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-21410 (GCVE-0-2024-21410)

CISA

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

KEVIntel

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Public Report Successful Exploitation Confidence: 70% Source: kevintel

Details

References

BDU:2024-01319

CERTFR-2024-AVI-0131

Solution

FKIE_CVE-2024-21410

GHSA-MV5V-R4X4-QMXW

GSD-2024-21410

MSRC_CVE-2024-21410

WID-SEC-W-2024-0359

Tags

Sightings

Nomenclature